fix: Disable guest accounts #1203

Merged
merged 2 commits into from
Nov 11, 2024
1 change: 1 addition & 0 deletions backend/requirements.txt
Expand Up @@ -12,6 +12,7 @@ dnspython==2.6.1
fastapi==0.110.2
fuzzywuzzy==0.18.0
h11==0.14.0
hiredis==3.0.0
hypothesis==6.61.0
idna==3.7
immutabledict==4.2.0
17 changes: 1 addition & 16 deletions backend/server/routers/auth.py
Expand Up @@ -11,7 +11,7 @@
from server.db.helpers.users import delete_user, insert_new_user

from .utility.sessions.errors import ExpiredRefreshTokenError, ExpiredSessionTokenError, OldRefreshTokenError
from .utility.sessions.interface import create_new_guest_token_pair, get_session_info_from_refresh_token, get_session_info_from_session_token, logout_session, setup_new_csesoc_session, create_new_csesoc_token_pair, setup_new_guest_session
from .utility.sessions.interface import create_new_guest_token_pair, get_session_info_from_refresh_token, get_session_info_from_session_token, logout_session, setup_new_csesoc_session, create_new_csesoc_token_pair

from .utility.sessions.middleware import HTTPBearer401, set_secure_cookie
from .utility.oidc.requests import DecodedIDToken, exchange_and_validate, generate_oidc_auth_url, get_userinfo_and_validate, refresh_and_validate, revoke_token, validate_authorization_response
Expand Down Expand Up @@ -100,21 +100,6 @@ def _try_get_session_info_for_logout(session_token: SessionToken, refresh_token:




@router.post('/guest_login')
def create_guest_session(res: Response) -> IdentityPayload:
# create new login session for user in db, generating new tokens
uid = insert_new_guest_user()
new_session_token, session_expiry, new_refresh_token, refresh_expiry = setup_new_guest_session(uid)

# TODO-OLLI(pm): setting up proper logging

# set the cookies and return the identity
set_secure_cookie(res, REFRESH_TOKEN_COOKIE, new_refresh_token, refresh_expiry)
return IdentityPayload(session_token=new_session_token, exp=session_expiry, uid=uid)



@router.post("/refresh", response_model=IdentityPayload)
def refresh(res: Response, refresh_token: Annotated[Optional[RefreshToken], Cookie(alias=REFRESH_TOKEN_COOKIE)] = None) -> IdentityPayload:
# refresh flow - returns a new identity given the circles refresh token
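--- /dev/null
+++ b/backend/server/routers/dev.py
@@ -0,0 +1,23 @@
+from fastapi import APIRouter, Response
+
+from server.routers.auth import REFRESH_TOKEN_COOKIE, IdentityPayload, insert_new_guest_user
+from server.routers.utility.sessions.interface import setup_new_guest_session
+from server.routers.utility.sessions.middleware import set_secure_cookie
+
+
+router = APIRouter(
+prefix="/dev",
+tags=["dev"],
+)
+
+@router.post('/guest_login')
+def create_guest_session(res: Response) -> IdentityPayload:
+# create new login session for user in db, generating new tokens
+uid = insert_new_guest_user()
+new_session_token, session_expiry, new_refresh_token, refresh_expiry = setup_new_guest_session(uid)
+
+# TODO-OLLI(pm): setting up proper logging
+
+# set the cookies and return the identity
+set_secure_cookie(res, REFRESH_TOKEN_COOKIE, new_refresh_token, refresh_expiry)
+return IdentityPayload(session_token=new_session_token, exp=session_expiry, uid=uid)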
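Review bot: The only thing keeping `/dev/guest_login` — which calls `insert_new_guest_user()` and issues a session with no authentication at all — out of production is the `APP_ENV` comparison in server.py, so the module should refuse to load anywhere else as a second layer: add `import os` and, before `router = APIRouter(...)`, `if os.getenv("APP_ENV") != "dev": raise RuntimeError("server.routers.dev is only available when APP_ENV=dev")`. `insert_new_guest_user` is imported through `server.routers.auth` rather than from the module that defines it, which turns auth.py into a re-export and leaves it holding an import it may no longer use itself; importing from the defining module (not visible in this diff) removes that coupling. The handler also carries over the `# TODO-OLLI(pm): setting up proper logging` marker and has no docstring; a one-liner such as `"""Dev-only: create a throwaway guest user and return a session for it."""` would make the intent explicit to the next reader.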
4 changes: 4 additions & 0 deletions backend/server/server.py
Expand Up @@ -2,6 +2,7 @@
Configure the FastAPI server
"""

import os
from contextlib import asynccontextmanager
from data.config import LIVE_YEAR
from fastapi import FastAPI
Expand Down Expand Up @@ -55,6 +56,9 @@ async def on_setup_and_shutdown(_app: FastAPI):
app.include_router(followups.router)
# TODO: hide this behind a feature flag?
# app.include_router(ctf.router)
if os.getenv("APP_ENV") == "dev":
from server.routers import dev
app.include_router(dev.router)


@app.get("/")
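Review bot: The dev router is mounted on nothing more than `os.getenv("APP_ENV") == "dev"`, which correctly fails closed when the variable is unset or holds any other value, but gives operators no signal that an unauthenticated account-creation route has just been enabled; emit a startup log line next to the include, e.g. `logger.warning("APP_ENV=dev: mounting dev-only routes under /dev")`, using whatever logger server.py already has (none is visible in this hunk). A short comment above the branch, such as `# APP_ENV is written by setup_env.py; only the exact value "dev" enables the /dev router`, would also record the contract. Keep the exact string comparison — do not loosen it to a prefix or case-insensitive match. The module-level setup around this include starts and ends outside the hunk.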
2 changes: 1 addition & 1 deletion backend/server/tests/user/utility.py
Expand Up @@ -20,7 +20,7 @@ def clear():
setup_redis_sessionsdb()

def get_token():
return requests.post('http://127.0.0.1:8000/auth/guest_login', timeout=5000).json()["session_token"]
return requests.post('http://127.0.0.1:8000/dev/guest_login', timeout=5000).json()["session_token"]

def get_token_headers(token: str):
return {"Authorization": f"Bearer {token}"}
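Review bot: `timeout=5000` on the new `requests.post` line is in seconds, so a test run against a server that has not mounted `/dev/guest_login` can block for well over an hour before failing; `timeout=5` is the likely intent and makes a backend started without `APP_ENV=dev` fail fast. Since the endpoint now only exists under that configuration, a comment on `get_token` such as `# requires the backend to run with APP_ENV=dev (see server.py); /dev/guest_login is not mounted otherwise` records the precondition where the next person hits the failure.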
4 changes: 3 additions & 1 deletion frontend/src/pages/Login/Login.tsx
Expand Up @@ -45,7 +45,9 @@ const Login = () => {
<h2>Login to Circles</h2>
<p>For current UNSW Students</p>
<S.LoginButton onClick={initiateCSEAuth}>Login with zID</S.LoginButton>
<S.GuestButton onClick={guestLogin}>Continue as guest</S.GuestButton>
<S.GuestButton onClick={guestLogin} disabled>
Continue as guest (coming soon)
</S.GuestButton>
</S.Login>
</S.Right>
</S.Wrapper>
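Review bot: `disabled` is added but `onClick={guestLogin}` stays attached, so the component still carries a live path to a guest-login request the backend no longer serves outside dev; either drop the handler (`<S.GuestButton disabled>`) or add a comment that it is intentionally kept for re-enabling, so the next reader does not have to work out whether the dead path matters. Disabling the button is a UI affordance only — the removal of the route in auth.py is what actually prevents guest sign-in — and a one-line comment near the button saying so would stop someone "fixing" the feature from the frontend. The enclosing `Login` component starts and ends outside the hunk.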
4 changes: 4 additions & 0 deletions frontend/src/pages/Login/styles.ts
Expand Up @@ -107,6 +107,10 @@ const GuestButton = styled.button`
margin: 20px;
cursor: pointer;
transition: all 0.3s;
&:disabled {
opacity: 0.5;
cursor: not-allowed;
}
&:hover {
${({ theme }) =>
theme.loginSplash &&
3 changes: 3 additions & 0 deletions setup_env.py
Expand Up @@ -70,6 +70,9 @@ def main() -> None:

if env.in_production:
backend_env["FORWARDED_ALLOWED_IPS"] = "*"
backend_env["APP_ENV"] = "prod"
else:
backend_env["APP_ENV"] = "dev"

# mongodb - backend + mongodb
mongo_username = env.get_variable("MONGODB_USERNAME", "name")
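Review bot: The new `APP_ENV` assignments carry no comment tying them to their consumer: server.py mounts the `/dev` router only when the value is exactly `"dev"`, so someone renaming these strings or adding a third environment would not know they gate an unauthenticated route. Add `# APP_ENV gates dev-only routes: server.py mounts /dev only when this is exactly "dev"` above the `if env.in_production:` block. `main` continues outside the hunk.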